The General Data Protection Regulations (GDPR) replaced the Data Protection Act 1998 (DPA) which came into force on 25th May 2018.
The Data Protection Principles will remain largely the same and the University will still need to ensure personal data is;
In addition to this, the GDPR will encourage a more proactive and documented approach to compliance. This means the University will have to keep records of the personal data it holds and how that data is processed. The University takes these statutory obligations seriously and will;
The University will continue to be regulated by the Information Commissioners Office (ICO) with regards to data protection.
If you suspect there has been a breach, you must report it without delay to: Itshelp@hope.ac.uk using subject header: DATA BREACH
For further guidance on what you need to report and what to do if you discover a breach outside of core working hours, please see the University's GDPR Data Breach Procedure.
The University must report a breach of data to the Information Commissioners Office within 72 hours of discovering the breach. DO NOT DELAY INFORMING THE UNIVERSITY IF YOU SUSPECT A BREACH.
The Information Commissioners Office (ICO) is the UK's independent authority set up to uphold information rights in the public interest and data privacy for individuals.
There are also toolkits available to help staff working with personal data - Think.Check.Share.Communicating the Importance of Information Security to Staff
Further information about how to ensure compliance with GDPR can be found in the Staff Guidance on Data Protection booklet
More practical advice about handling personal data is available in the ?Data Protection Do's and Don'ts Guide
Data privacy should be considered as part of any project or activity which involves processing personal data to ensure data protection is a key consideration from the outset. A Data Protection Impact Assessment (DPIA) can be used as a tool to assist with this process:
The following schedules provide detailed information about how long the University keeps its data before disposing of it: